Windows XP Pro and a Group Policy

[Pauzotah]

Heres a good one....

Bought for my workplace, 21 brand new HP dx5150 PC's. All pre-installed with XPP. Install my Netware Client 4.90 sp2. Attach to the network, great so far.

First user, never been on these PC's before logs in and...group policy that secures and restricts various things doesnt kick in, user logs out and then back in again then the GP works fine. Same for all the other users, first time no policy, log out and back in again policy does its thing.

Now i have seen many posts around the place going on about the 'wait for network before carrying on' reg hack and also about a couple of other things but they dont seem to work.

BUT, when i format the machine i install XPP from fresh, any user whether he be new or old gets the policy everytime.

This only happens with pre-installed new PC's.

Can someone explain that so i dont have to format PC's everytime we buy them?

 

[bcastner]

No registry hack. You need to add a new policy object to make Group Policy synchronization under XP work as it dows under Win2k. As I wrote under a FAQ on this site:

3. Asynchronous processing of logon commands.

You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.

If you do not make this group policy seting, then any change in Group Policy can require (by Microsoft's estimation) up to three logons for the XP client to be up to date with any changes.



____________________________
Users Helping Users

 

[Pauzotah]

Sorry, we have tried that already, i mentioned the 'wait for network before carrying on' which is actually what your referring to, i apologise for the way i wrote but i posted this problem away from the office so was unable to word it exactly.

All our workstations are Windows XP Pro, the only ones that suffer with this problem are the ones i havent formatted and have had XPP pre installed.

 

[bcastner]

Place a gpupdate.exe line in the logon script. This will ensure that all updates are applied immediately.

Remember that GPOs are in the main registry 'tattoos'. The fact that a GP changes the registry, which has already been read at logon, is blind to the XP client until the registry is read at the next logon.

I do not believe there is a way to force re-reading the registry other than a new logon. Some tatoos will apply immediately: for example those for Internet Explorer would apply immediately on next start of IE, as that is when the registry entries are read. Those for Windows Explorer would apply nearly immediately as it is refreshed so often. But as a general statement a full re-reading of the registry would be required for the GP's to apply in force, and this is only done at logon.




____________________________
Users Helping Users